wp_signon works local, not on https

Question

On my localhost environment the following code works perfect

    $creds['user_login'] = $user_login;
    $creds['user_password'] = $user_password;
    $user = wp_signon( $creds, true );
    if(!is_wp_error($user)) {
        wp_redirect('/home');
        exit;
    }

But on the server it doesn't work anymore. The user is never logged in. The website is hosted on a https subdomain on an external server.

I tried setting a cookie domain in my wp-config:

define('COOKIE_DOMAIN', '.domain.com');

And also with the subdomain included:

define('COOKIE_DOMAIN', 'sub.domain.com');

Neither worked for me.

The server runs on PHP 7.1 with Varnish. Swift Performance is used for caching.

Answer 1

Varnish was the problem.

Varnish removes cookies from the response. That's why it didn't work in our case!

Answer 2

You need to set the auth cookie after wp_signon. Add this code and try and let me know the result.

$user = wp_signon( $creds, false );

$userID = $user->ID;

wp_set_current_user( $userID, $creds['user_login']  );
wp_set_auth_cookie( $userID, true, false );
do_action( 'wp_login',$creds['user_login']  );